Using SafeKeeper to Protect Web Passwords

Arseny Kurnikov, Klaudia Krawiecka, Andrew Paverd, Mohammad Mannan, N. Asokan

Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

Abstract

Although passwords are by far the most widely-used user authentication mechanism on the web, their security is threatened by password phishing and password database breaches. SafeKeeper is a system for protecting web passwords against very strong adversaries, including sophisticated phishers and compromised servers. Compared to other approaches, one of the key differentiating aspects of SafeKeeper is that it provides web users with verifiable assurance that their passwords are being protected. In this paper, we demonstrate precisely how SafeKeeper can be used to protect web passwords in real-world systems. We first explain two important deployability aspects: i) how SafeKeeper can be integrated into the popular WordPress platform, and ii) how ordinary web users can use Intel SGX remote attestation to verify that SafeKeeper is running on a particular server. We then describe three demonstrations to illustrate the use of SafeKeeper: i) showing the user experience when visiting a legitimate website; ii) showing the encryption of the password in transit via live packet-capture; and iii) showing how SafeKeeper performs in the presence of phishing.

Original language: English
Title of host publication: Companion Proceedings of the The Web Conference 2018
Publisher: ACM
Pages: 159-162
ISBN (Electronic): 978-1-4503-5640-4
Publication status: Published - 23 Apr 2018
MoE publication type: A4 Conference publication
Event: The Web Conference - Lyon, France
Duration: 23 Apr 2018 to 27 Apr 2018
https://www2018.thewebconf.org

Conference

Conference: The Web Conference
Abbreviated title: WWW
Country/Territory: France
City: Lyon
Period: 23/04/2018 to 27/04/2018

  • CloSer: Cloud-assisted Security Services

    Asokan, N. (Principal investigator)

    01/09/2016 to 31/08/2018

    Project: Business Finland: Other research funding